Hi,
i want to ask:
I need to divide my Outside ASA interface to subinterfaces like this (VPN will be terminatedon subinterfaces):
.
.
interface GigabitEthernet0/0
!
interface GigabitEthernet0/0.1
nameif Outside
security-level 0
ip address 117.x.x.x 255.255.255.224
vlan 30
!
interface GigabitEthernet0/0.2
nameif Outside2
security-level 0
ip address 118.x.x.x 255.255.255.248
vlan 40
!
.
.
Physical interface gigabitEthernet0/0 will be connected to cisco switch (because there are two ASA´s in active-standby configuration we need cable to primary,secondary ASA) and from switch to ISP router.
How to configure this switch? Should I configure conected interfaces to trunk all vlans?
Is this configuration sufficient and good or not?
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description To_ASA1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
description To_ASA2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
description To_ISP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan30
no ip address
!
interface Vlan40
no ip address
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Thank for any advice.
